eeat-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly requires the agent to "Fetch and read the full rendered page" given a user-provided "URL of the page to audit" (and asks to ask for pasted content if fetch fails), which means it ingests arbitrary public third-party pages that the agent must read and act on—allowing untrusted content to influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches the user-provided "URL of the page to audit" at runtime and injects the rendered page content into the model context for the audit, so an arbitrary external page (the user-supplied audit URL) can directly influence prompts and outputs.